= Reproducible installs = == mmdebstrap == The DebianPkg:mmdebstrap program creates reproducible chroots if the '''SOURCE_DATE_EPOCH''' environment variable is defined. == debuerreotype == The DebianPkg:debuerreotype program creates reproducible chroots. == debootstrap == The DebianPkg:debootstrap program does not create reproducible chroots out-of-the-box. Commands used: {{{ for n in 1 2 ; do debootstrap --foreign unstable debootstrap-firststage-$n http://httpredir.debian.org/debian/ cp -al debootstrap-firststage-$n debootstrap-secondstage-$n DEBOOTSTRAP_DIR=debootstrap-secondstage-$n/debootstrap debootstrap --second-stage --second-stage-target=debootstrap-secondstage-$n done diffoscope debootstrap-firststage-{1,2} }}} The first-stage debootstrap for a particular Release file is not reproducible, the debootstrap.log file contains timestamps: {{{ # diff -Naur debootstrap-firststage-{1,2} diff -Naur debootstrap-firststage-1/debootstrap/debootstrap.log debootstrap-firststage-2/debootstrap/debootstrap.log --- debootstrap-firststage-1/debootstrap/debootstrap.log 2014-09-24 10:18:42.472604407 +0800 +++ debootstrap-firststage-2/debootstrap/debootstrap.log 2014-09-24 10:33:57.042221221 +0800 @@ -883,8 +883,8 @@ Setting up tzdata (2014g-1) ... Current default time zone: 'Etc/UTC' -Local time is now: Wed Sep 24 02:16:57 UTC 2014. -Universal Time is now: Wed Sep 24 02:16:57 UTC 2014. +Local time is now: Wed Sep 24 02:32:13 UTC 2014. +Universal Time is now: Wed Sep 24 02:32:13 UTC 2014. Run 'dpkg-reconfigure tzdata' if you wish to change it. Setting up debconf-i18n (1.5.53) ... }}} The second-stage debootstrap is not reproducible, some files are different: {{{ /etc/machine-id /var/cache/ldconfig/aux-cache /var/cache/man/cs/index.db /var/cache/man/da/index.db /var/cache/man/de/index.db /var/cache/man/es/index.db /var/cache/man/fi/index.db /var/cache/man/fr/index.db /var/cache/man/hu/index.db /var/cache/man/id/index.db /var/cache/man/index.db /var/cache/man/it/index.db /var/cache/man/ja/index.db /var/cache/man/ko/index.db /var/cache/man/nl/index.db /var/cache/man/pl/index.db /var/cache/man/pt/index.db /var/cache/man/pt_BR/index.db /var/cache/man/ru/index.db /var/cache/man/sl/index.db /var/cache/man/sv/index.db /var/cache/man/tr/index.db /var/cache/man/zh_CN/index.db /var/cache/man/zh_TW/index.db /var/log/alternatives.log /var/log/bootstrap.log /var/log/dpkg.log }}} * The machine-id should be set on first boot instead by calling {{{systemd-machine-id-setup}}} * The dpkg.log and file alternatives.log contain timestamps on each line. If they are stripped then the files are the same. * The bootstrap.log file contains two timestamps at the beginning. If they are stripped then the file is the same. * man-db databases contain a timestamp (DebianBug:760895). This will be moved into the database file mtime. == debian-live images == See [[ReproducibleInstalls/LiveImages]] == debian-cloud images == No testing done yet. == Misc == Running debootstrap against snapshot.debian.org will help reproduce when time has passed. == See Also == * [[https://github.com/lamby/debootstrap/commits/pu/source-date-epoch|reproducible debootstrap]] * [[ReproducibleBuilds|Reproducible Builds]] * [[ReproducibleBuilds/Contribute#Working_on_installation_media_or_live_systems|bash script to analyze images]] * [[https://news.ycombinator.com/item?id=8950891|Discussion on Hacker News]] * [[https://chris-lamb.co.uk/posts/free-software-activities-in-july-2016|Reproducible images for Webconverger]] ([[https://www.youtube.com/watch?v=FaBFbkBhnXI|video]]) * [[https://tails.boum.org/blueprint/reproducible_builds/|Tails reproducible builds blueprint]]